Advisories » MGASA-2023-0296

Updated kernel-linus packages fix security vulnerabilities

Publication date: 22 Oct 2023
Modification date: 22 Oct 2023
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-1076, CVE-2023-4155, CVE-2023-4921, CVE-2023-5197, CVE-2023-25775, CVE-2023-42754, CVE-2023-42756

Description

This kernel-linus update is based on upstream 6.4.16 and fixes or adds
mitigations for at least the following security issues:

A flaw was found in the Linux kernel. The tun/tap sockets have their
socket UID hardcoded to 0 due to a type confusion in their
initialization function. While this will often be correct, as tuntap
devices require CAP_NET_ADMIN, it is not always the case, e.g., for a
non-root user holding only that capability. As a result, tun/tap
sockets are treated incorrectly in filtering/routing decisions,
possibly bypassing network filters. CVE-2023-1076

A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the
Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs
can trigger a double fetch race condition vulnerability and invoke the
`VMGEXIT` handler recursively. If an attacker manages to call the
handler multiple times, they can trigger a stack overflow and cause a
denial of service or potentially guest-to-host escape in kernel
configurations without stack guard pages (`CONFIG_VMAP_STACK`).
CVE-2023-4155

A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq
component can be exploited to achieve local privilege escalation. When
the plug qdisc is used as a class of the qfq qdisc, sending network
packets triggers use-after-free in qfq_dequeue() due to the incorrect
.peek handler of sch_plug and lack of error checking in agg_dequeue().
We recommend upgrading past commit
8fc134fee27f2263988ae38920bc03da416b03d8. CVE-2023-4921

A use-after-free vulnerability in the Linux kernel's netfilter:
nf_tables component can be exploited to achieve local privilege
escalation. Addition and removal of rules from chain bindings within the
same transaction leads to a use-after-free. We recommend upgrading
past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325. CVE-2023-5197

Improper access control in the Intel(R) Ethernet Controller RDMA driver
for Linux before version 1.9.30 may allow an unauthenticated user to
potentially enable escalation of privilege via network access.
CVE-2023-25775

A NULL pointer dereference flaw was found in the Linux kernel ipv4
stack. The socket buffer (skb) was assumed to be associated with a
device before calling __ip_options_compile, which is not always the case
if the skb is re-routed by ipvs. This issue may allow a local user with
CAP_NET_ADMIN privileges to crash the system. CVE-2023-42754

A flaw was found in the Netfilter subsystem of the Linux kernel. A race
condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel
panic due to the invocation of `__ip_set_put` on a wrong `set`. This
issue may allow a local user to crash the system. CVE-2023-42756

For other upstream fixes in this update, see the referenced changelogs.
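The following is an added example, not part of this Mageia advisory and not a Mageia tool. It is a defender-side check that a host's running kernel release is at or past the upstream 6.4.16 base this update is built on, and that the kernel configuration enables `CONFIG_VMAP_STACK` (the stack guard pages mentioned above as the mitigating configuration for CVE-2023-4155). The function names, the verdict strings and the `--live` switch are assumptions of this example; the release strings and config lines it is exercised with are constructed.

```bash
#!/bin/sh
# Added example (not part of the Mageia advisory): check a kernel release
# string against the 6.4.16 upstream base of this update and check a kernel
# config file for CONFIG_VMAP_STACK=y.

# Return 0 if version $1 is >= version $2, comparing the first three numeric
# components. A distribution suffix such as "-1.mga9" is stripped first.
version_ge() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*//')
    i=1
    while [ "$i" -le 3 ]; do
        # Missing components (e.g. "6.4" has no third field) count as 0.
        x=$(printf '%s' "$a" | awk -F. -v n="$i" '{ print $n + 0 }')
        y=$(printf '%s' "$b" | awk -F. -v n="$i" '{ print $n + 0 }')
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# Return 0 if the kernel config file $1 is readable and sets CONFIG_VMAP_STACK=y.
vmap_stack_enabled() {
    [ -r "$1" ] && grep -q '^CONFIG_VMAP_STACK=y$' "$1"
}

# Print a verdict for release string $1 and config file $2: one of
# "ok", "old-kernel", "no-vmap-stack" or "old-kernel+no-vmap-stack".
check_host() {
    rel="$1"
    cfg="$2"
    result=""
    version_ge "$rel" "6.4.16" || result="old-kernel"
    if ! vmap_stack_enabled "$cfg"; then
        result="${result:+$result+}no-vmap-stack"
    fi
    printf '%s\n' "${result:-ok}"
}

# Live run against this host when invoked as: sh check.sh --live
# (the /boot/config-<release> path is the usual location; adjust if needed).
if [ "${1:-}" = "--live" ]; then
    check_host "$(uname -r)" "/boot/config-$(uname -r)"
fi
```

The version comparison is deliberately numeric-only so that a distribution build tag does not break it; the `CONFIG_VMAP_STACK` check is only meaningful for the kernel actually booted, which is why the live run derives the config path from `uname -r` rather than from whichever kernel package is newest on disk.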

References

SRPMS

9/core